
11 Feb 2010, 8:27 a.m.
Carl wrote:
Is it possible to use ECDH with stunnel?
When using s_server and specifying the cipher I can establish a connection. But when using stunnel and specifying the same cipher, the connection is rejected with "no shared cipher".

You are correct. Stunnel currently does not generate temporary ECDH keys with the EC_KEY_new_by_curve_name() function.

It should be possible to provide ECDH parameters with a certificate instead: http://www.openssl.org/docs/apps/req.html

It's probably also a better choice for performance, as key generation could be a CPU-intensive operation.

What do you think?

Best regards,
Mike
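An added example, not part of the original thread: one way to produce the kind of certificate the reply refers to, an EC key on a named curve self-signed with `openssl req`, and to check that the certificate really carries that EC public key. The curve `prime256v1`, the subject name and the file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; assumes the openssl command-line tool is installed.
# The subject name and file names below are constructed for illustration.

# make_ec_cert DIR [CURVE]: write DIR/ec.key and a self-signed DIR/ec.crt.
make_ec_cert() {
    dir=$1
    curve=${2:-prime256v1}
    # Private key on the named curve; the curve parameters travel with the key.
    openssl ecparam -name "$curve" -genkey -noout -out "$dir/ec.key" || return 1
    # Self-signed certificate for that key, created with openssl req.
    openssl req -new -x509 -key "$dir/ec.key" -days 30 \
        -subj "/CN=stunnel-ecdh-test.example" \
        -out "$dir/ec.crt" 2>/dev/null || return 1
}

# cert_pubkey_alg CERT: print the certificate's public key algorithm.
cert_pubkey_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key,
# so a mismatched key/cert pair is caught before it reaches the server config.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Stand-alone run: build the pair in a scratch directory and report on it.
tmp=$(mktemp -d)
if make_ec_cert "$tmp" && key_matches_cert "$tmp/ec.key" "$tmp/ec.crt"; then
    echo "certificate public key algorithm: $(cert_pubkey_alg "$tmp/ec.crt")"
else
    echo "EC key/certificate generation failed" >&2
fi
rm -rf "$tmp"
```

The resulting files would be referenced from stunnel's `cert` and `key` options; whether the peer then negotiates the intended cipher still has to be confirmed against the running service.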